There’s one positively enormous shoe that still hasn’t dropped in special counsel Robert Mueller’s investigation into Russian interference with the 2016 campaign: an indictment about all those hacked emails.
The hacking and release of leading political figures’ emails is the most visible election intervention attributed to Russia’s government. And it’s long been one of the leading, and perhaps the leading, possibility about just what “collusion” between Donald Trump’s team and the Russians might have involved.
That’s not mere speculation. We’ve gradually learned of not one but six times Trump associates at least tried to get involved with either Russian-provided dirt, hacked Democratic emails, or WikiLeaks. We don’t yet know whether these furtive contacts resulted in anything of significance — but one of these advisers, George Papadopoulos, has already pleaded guilty to lying to the FBI about the matter and has begun cooperating with Mueller’s team.
These hacks were crimes, victimizing many hundreds of Americans (those who had their documents stolen, and those who corresponded with them). The operation was more wide-ranging than many remember, targeting not just John Podesta and the DNC but many other people and groups. It wasn’t just emails stolen, either — posted material ranged from Democratic Party turnout data that a Republican operative thought was “probably worth millions of dollars” to even a purported picture of Michelle Obama’s passport.
No charges have been filed in the matter — yet. But some are likely coming. The Wall Street Journal has reported that the US has identified “more than six members of the Russian government” involved in the DNC hacks. And the Daily Beast recently wrote that investigators have identified a specific Russian intelligence officer behind “Guccifer 2.0,” a leading figure in the hacks. Mueller is now overseeing the probe.
To understand what happened in 2016, we have to understand the hackings. And though some mysteries remain, much of the complex story has gradually been pieced together by journalists and cybersecurity experts. The consequences, of course, unfolded in plain sight during the campaign itself.
How the hacks happened (a phishing expedition)
The media often shorthands the 2016 hack story as: Russians hacked Podesta and the DNC’s email accounts, and WikiLeaks then posted those hacked emails publicly.
The full story is more complex. Let’s start at the beginning.
Between March 2015 and May 2016, a group of hackers went on a phishing expedition. The “baited lines” they cast out were at least 19,000 malicious emails that resembled the one below:
These emails were designed to look as if they were coming from Google. But they were in fact designed to trick people into clicking through and entering their login credentials — delivering them right into the hackers’ hands.
According to a later Associated Press analysis of a report by the information security firm SecureWorks, at least 573 of the more than 4,700 email addresses targeted were American. They included many US government officials, military officials, intelligence officials, and defense contractors.
Particularly beginning in March and April 2016, these targets began to include many Democrats as well. Per the AP, more than 130 Democratic accounts were sent these malicious links, compared to just “a handful” of Republican accounts. Podesta and several Clinton staffers — along with former Secretary of State Colin Powell, retired Gen. Philip Breedlove, and others — had their accounts successfully compromised. (We know all this because the hackers used the link-shortening tool Bitly to do their work and accidentally left their activity publicly viewable.)
Russia was eventually blamed for the phishing expedition, for several reasons. For one, SecureWorks concluded the particular malware used in this campaign was tied to a hacking group that outside researchers had been tracking for some time — a group they thought to be linked the GRU, Russia’s foreign military intelligence agency. We don’t know what the secretive hacking group calls itself, but various cybersecurity researchers had given it several names: Iron Twilight, APT (Advanced Persistent Threat) 28, Pawn Storm, and — most famously — “Fancy Bear.”
Circumstantial evidence also suggests a Russian-tied culprit. For instance, the phishers were extremely focused on Ukraine — at least 545 targeted email accounts were from there, comparable to the number of American targets. These included Ukraine’s president and many other top government officials, who are hostile to Vladimir Putin’s regime.
The Russians targeted, meanwhile, were generally critics of Putin’s government and journalists. Another interesting detail, per the AP, is that more than 95 percent of the malicious links were created between the hours of 9 am and 6 pm, Monday to Friday — Moscow time.
Around April 2016, as this phishing campaign increasingly began to target Democrats, material was also taken from the DNC. The firm Crowdstrike attributed this as a hack from Fancy Bear, citing the malware used, and other firms agreed with this assessment. These firms also concluded that a separate group of Russian-tied hackers (dubbed “Cozy Bear”) had been in the DNC’s systems for much longer, since all the way back in the summer of 2015.
The precise mechanisms of how the DNC was breached remain somewhat murky. But Fancy Bear’s phishing campaign did send out malicious links to nine DNC email accounts in March and April 2016. And as we’ll soon see, hacked DNC material ended up in the same place as hacked material from Podesta and others. A January 2017 US intelligence report would later specifically blame Russia’s GRU — the agency thought to be behind Fancy Bear — for taking “large volumes of data from the DNC.”
As striking as all this may seem, though, government-backed hacking is far from unusual. The US does it. Our allies do it. Our rivals do it. China was said to have hacked Barack Obama and John McCain’s presidential campaigns in 2008 and was then tied to a massive theft of federal data in 2015. Foreign intelligence agencies trying to peek into political activities seemed to be something that just, well, happened all the time.
What came next in 2016, however, was a jarring departure from these norms — the hacked information began to be posted publicly, in massive amounts.
A timeline of odd events between the hacks and the leaks
The backdrop to all of this was the US presidential election — the first series of primaries and caucuses took place in February and early March. The surprisingly Russia-friendly Donald Trump emerged as the clear leader in the Republican contest, over his Putin-critical rivals Ted Cruz and Marco Rubio. Meanwhile, Hillary Clinton, with whom Putin’s regime had long had chilly relations, emerged as the favorite for the Democratic nomination over Bernie Sanders.
It was around this point — in mid-March 2016 — that the phishing campaign began to particularly target many Democrats’ and Clinton campaign staffers’ email accounts, according to SecureWorks’ analysis.
There were several other events that, in retrospect, are either relevant or at the very least intriguing:
- April 7: Putin condemns the Panama Papers leak. In early April, an international consortium of journalists published reports on a cache of leaked documents tracing offshore wealth — the Panama Papers. Many of the documents revealed financial information about Putin’s inner circle, and Putin publicly claimed the stories were part of a US plot against Russia. “They are trying to destabilize us from within in order to make us more compliant,” he said. Many have posited that the Russian government may have then wished to retaliate.
- April 19: The domain for DCLeaks, a website that would eventually post many hacked documents, is registered. For now, nothing is posted. (US intelligence agencies have said Russia’s GRU is behind the site.)
- April 26: George Papadopoulos gets an intriguing tip. Papadopoulos, a young foreign policy adviser to the Trump campaign, sat down in London with a professor named Joseph Mifsud. Mifsud told him he’d just traveled to Moscow and met high-level Russian government officials. He added to Papadopoulos that Russia had obtained “dirt” on Hillary Clinton, in the form of thousands of emails.
- June 6 to 8: DCLeaks begins posting, but not about the election. DCLeaks’ posts of hacked documents indicated that it was Russian ties. That’s because they included the hacked emails of retired Gen. Philip Breedlove, who had commanded NATO forces in Europe and pushed for a harder line against Russia in Ukraine. They also included documents from George Soros’s Open Society Foundation. (The Russian government has blamed Soros and his associated groups for opposing its interests in Ukraine.)
- June 9: The Trump Tower meeting: Shortly afterward, Donald Trump Jr., Paul Manafort, and Jared Kushner met a Russian lawyer and four other people with Russian ties at Trump Tower. Don Jr. had agreed to take the meeting based on the promise of “official documents and information that would incriminate Hillary,” as part of “Russia and its government’s support for Mr. Trump” (as it was put to him in an email). Everyone involved claims nothing came of this meeting.
Throughout all this time, there was no public indication that the phishing campaign, or the hacking of the DNC and other campaign figures’ emails, had taken place. Just days later, that would change.
source:-vox